Re: postfix password authorisation not working

[Patrick Ben Koetter]

* Zalezny Niezalezny :
> Hi,
> 
> I just woudl like to know what I`m doing wrong.
> I read postfix documentation several times and I configured SASL
> authentication exacly as it was described. But even with this I do not see
> in the telnet output lines similar to this
> 
> 250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
> 
> 
> This is my telnet output:
> 
> ehlo localhost
> 250-ip-172-31-28-250.eu-central-1.compute.internal
> 250-PIPELINING
> 250-SIZE 1024
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> 
> 
> This is my main.cf configuration:
> # ###
> #TLS
> smtpd_tls_auth_only = yes

If you enable smtpd_tls_auth_only you will see AUTH only in a a TLS session.

Use swaks and let it AUTH in a TLS session. By default it sends the session
output to STDOUT and you should be able to see everything.


p@rick


-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

postfix password authorisation not working

[Zalezny Niezalezny]

Hi,

I just woudl like to know what I`m doing wrong.
I read postfix documentation several times and I configured SASL
authentication exacly as it was described. But even with this I do not see
in the telnet output lines similar to this

250-AUTH DIGEST-MD5 PLAIN CRAM-MD5


This is my telnet output:

ehlo localhost
250-ip-172-31-28-250.eu-central-1.compute.internal
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


This is my main.cf configuration:
# ###
#TLS
smtpd_tls_auth_only = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
#smtpd_tls_CAfile = /etc/postfix/ssl/startssl-ca-bundle.pem
smtp_tls_CAfile = $smtpd_tls_CAfile
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
tls_random_source = dev:/dev/urandom

#SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
#smtp_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
#smtpd_sasl_type = cyrus
#smtpd_sasl_path = private/auth
#smtpd_tls_auth_only = yes
smtpd_relay_restrictions =
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
# ###


And this is master.cf

# ##
# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
smtp  inet  n   -   n   -   -   smtpd
#smtp  inet  n   -   n   -   1   postscreen
#smtpd pass  -   -   n   -   -   smtpd
#dnsblog   unix  -   -   n   -   0   dnsblog
#tlsproxy  unix  -   -   n   -   0   tlsproxy
submission inet n   -   n   -   -   smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
#smtps inet  n   -   n   -   -   smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
# #


How to enable TLS with SASL in Postfix properly ?



Thanks in advance for an any hints!


With kind regards

Zalezny